Loblaw Customer Data Breach via Compromised IT Network Segment
Loblaw Companies Limited disclosed that attackers gained unauthorized access to a contained, non-critical portion of its IT network and exfiltrated basic customer information. The company said the exposed data includes names, phone numbers, and email addresses, while its investigation has so far found no evidence that passwords, payment card data, health or pharmacy records, or PC Financial systems were compromised. Loblaw said it detected suspicious activity, contained the affected environment, and launched an investigation into the intrusion.
Reporting on the incident indicates the breach affected customer records stored in that segmented environment, creating follow-on risk of phishing and social engineering against impacted individuals. As a precaution, Loblaw logged customers out of their accounts, and external reporting noted no public threat actor claim tied to the intrusion at the time of publication. The available information indicates a limited but confirmed exposure of personally identifiable information rather than a compromise of Loblaw’s core operational, financial, or medical data systems.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Loblaw publicly discloses customer data breach
Loblaw publicly confirmed that a cyber intrusion exposed basic customer information from a limited part of its IT network. At the time of disclosure, no threat actor had publicly claimed responsibility and no Loblaw data had been seen advertised on underground forums.
Loblaw contains the incident and forces customer logouts
In response to the breach, Loblaw secured the affected network segment, activated incident response measures, and expired active customer sessions across its platforms. The company also advised customers to log back in and consider changing their passwords, warning that the exposed data could be used for phishing or smishing.
Attackers access and exfiltrate basic customer contact information
During the intrusion, threat actors accessed basic customer information, including names, phone numbers, and email addresses. Loblaw said more sensitive data such as passwords, health and pharmacy information, credit card details, and PC Financial systems were not compromised.
Loblaw detects suspicious activity in a contained IT network segment
Loblaw identified suspicious activity in a contained, non-critical portion of its IT environment and began investigating a corporate cyber incident. The company determined that unauthorized actors had infiltrated that segment of the network.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
teiss - News - Canadian retail giant Loblaw confirms cyber intrusion exposed basic customer information
teiss.co.uk
Open sourceLoblaw reports customer data breach after IT network intrusion | brief | SC Media
scworld.com
Open sourceLoblaw Data Breach - Hackers Accessed IT Network and Customer Information
cybersecuritynews.com
Open sourceCanadian retail giant Loblaw notifies customers of data breach
bleepingcomputer.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Canadian Tire E-commerce Database Breach Exposes Data for Over 38 Million Accounts
**Canadian Tire Corporation** disclosed a major breach of its **e-commerce customer database** after identifying unauthorized access on **October 2, 2025**, exposing personal data tied to **38+ million customer accounts**. Exposed data included names, physical addresses, email addresses, year of birth (and for **<150,000** accounts, full dates of birth), and **encrypted passwords**; some records also contained **truncated payment card numbers**. The company stated the exposed financial data could not be used to conduct transactions, and reported **no impact** to in-store systems, *Canadian Tire Bank*, or *Triangle Rewards*. Canadian Tire reported it **remediated the underlying issue**, notified regulators, and planned customer notifications and **credit monitoring**. *Have I Been Pwned* added the incident to its corpus, reporting roughly **42 million records** (including **~38.3 million email addresses**) and indicating the dataset includes **PBKDF2 password hashes** along with additional fields such as phone numbers and gender, increasing the likelihood of credential-stuffing and identity-fraud follow-on activity.
Mar 27, 2026
Customer Data Exposed in LDLC and LuLu Retail Breaches
French retailer **LDLC** disclosed a breach affecting customers of its physical stores after stolen data was advertised for sale on a hacking forum. The exposed dataset reportedly included **1.26 million unique email addresses** along with customers' names, phone numbers, and physical addresses, indicating broad exposure of personally identifiable information tied to retail transactions. Emirati retailer **LuLu** also suffered a customer data breach in which an initial set of about **190,000 email addresses** and linked phone numbers was shared on a hacking forum. The incident escalated when the threat actor later leaked a larger backup from **October 2022**, exposing an additional **2.6 million unique email addresses** as well as names, physical addresses, order data, and **`PBKDF2` password hashes**, significantly increasing the risk of account compromise and follow-on phishing or fraud.
Mar 27, 2026
Starbucks Employee Data Breach via Phishing of Partner Central Accounts
**Starbucks** disclosed a data breach affecting employee *Partner Central* accounts after attackers used phishing sites impersonating the company’s login portal to steal valid credentials and access internal HR-related records. The company said it became aware of the intrusion on or about February 6, 2026, and a subsequent investigation found unauthorized access to **889 employee accounts** between January 19 and February 11. The compromised data included employees’ full names, **Social Security numbers**, dates of birth, and bank account and routing information, creating elevated risk of identity theft and financial fraud. Starbucks said it engaged external cybersecurity experts, notified law enforcement, and implemented additional security measures around Partner Central access following the incident. Affected employees were advised to monitor financial accounts for suspicious activity, and the company is offering **24 months of Experian IdentityWorks** identity protection and credit monitoring. Reporting that focuses on the same incident consistently attributes the breach to credential theft through fake Partner Central websites, while separate coverage of **Loblaw** concerns a different retail-sector intrusion and is not part of the Starbucks event.
Mar 21, 2026